Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-03-24T01:52:33

Updated: 2024-08-04T22:10:08.403Z

Reserved: 2019-03-23T00:00:00

Link: CVE-2019-9970

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-03-24T02:29:00.670

Modified: 2024-11-21T04:52:42.287

Link: CVE-2019-9970

cve-icon Redhat

No data.